CVE-2007-0620
Summary
download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.
- LOW
- NETWORK
- NONE
- NONE
- PARTIAL
- NONE
References
Advisory Timeline
- Published